CVE-2026-45553 Overview
CVE-2026-45553 is a high-severity information disclosure vulnerability in NiceGUI, a Python-based UI framework. Versions prior to 3.12.0 render reStructuredText server-side through Docutils without disabling file insertion directives. When an application passes attacker-controlled content to ui.restructured_text(), an attacker can abuse standard Docutils directives to read arbitrary local files accessible to the NiceGUI server process. The flaw is categorized under [CWE-200] (Exposure of Sensitive Information to an Unauthorized Actor). Applications that only pass trusted static strings to ui.restructured_text() are not affected. The maintainers released version 3.12.0 with the fix.
Critical Impact
Unauthenticated remote attackers can read local files readable by the NiceGUI server process, including configuration files, secrets, and source code.
Affected Products
- NiceGUI versions prior to 3.12.0
- Python applications using ui.restructured_text() with untrusted input
- Docutils-backed reStructuredText rendering paths in NiceGUI
Discovery Timeline
- 2026-06-02 - CVE CVE-2026-45553 published to NVD
- 2026-06-02 - Last updated in NVD database
Technical Details for CVE-2026-45553
Vulnerability Analysis
NiceGUI exposes the ui.restructured_text() helper to render reStructuredText (reST) content inside web UIs. The renderer relies on Docutils, which supports directives that read external resources. In affected versions, NiceGUI invokes Docutils without disabling file insertion directives such as include, csv-table with the :file: option, and raw with the :file: option. Any application that forwards user-supplied content to this function inherits that behavior.
The result is a server-side file read primitive reachable over the network. An attacker submits crafted reST content; the server parses it and embeds the contents of local files into the rendered output returned to the client. The impact is confidentiality only — integrity and availability are unaffected — but disclosed files may include credentials, tokens, or private keys that enable follow-on attacks.
Root Cause
The root cause is insecure default configuration of the Docutils publisher. Docutils enables file-reading directives unless the caller explicitly sets file_insertion_enabled=False in the publisher settings. NiceGUI did not pass this setting, leaving the directives active for all input rendered through ui.restructured_text().
Attack Vector
The attack is network-reachable and requires no authentication or user interaction when the vulnerable endpoint accepts untrusted reST input. An attacker submits a payload containing a directive such as .. include:: /etc/passwd or a csv-table directive with :file: pointing to a sensitive path. The server reads the referenced file and returns its contents inside the rendered page. File access is bounded by the privileges of the NiceGUI server process.
No verified public proof-of-concept code is available. Refer to the GitHub Security Advisory GHSA-jfrm-rx66-g536 for additional technical context.
Detection Methods for CVE-2026-45553
Indicators of Compromise
- Inbound HTTP request bodies or query parameters containing Docutils directives such as .. include::, .. csv-table:: with :file:, or .. raw:: with :file:.
- Application logs showing ui.restructured_text() invocations correlated with file read access to sensitive paths like /etc/passwd, .env, or private key files.
- Outbound HTTP responses containing fragments of local configuration files or credentials.
Detection Strategies
- Inspect web application logs and WAF telemetry for reST directive keywords (include, csv-table, raw) submitted through form fields, query strings, or API bodies.
- Audit application source code for any path where user input flows into ui.restructured_text() without sanitization.
- Monitor process file access on hosts running NiceGUI for unexpected reads of sensitive files by the Python interpreter.
Monitoring Recommendations
- Enable verbose access logging on NiceGUI endpoints that render reST content and forward logs to a centralized analytics platform.
- Alert on file read syscalls from the NiceGUI process targeting paths outside the application working directory.
- Track installed NiceGUI versions across the fleet and flag any instance below 3.12.0.
How to Mitigate CVE-2026-45553
Immediate Actions Required
- Upgrade NiceGUI to version 3.12.0 or later on all hosts.
- Inventory every call to ui.restructured_text() and confirm whether the input source is trusted static content or user-supplied data.
- Restrict the file system permissions of the NiceGUI server process so it cannot read secrets, keys, or unrelated application data.
Patch Information
The issue is fixed in NiceGUI 3.12.0, which configures Docutils to disable file insertion directives. Release notes are available at the GitHub Release v3.12.0 page and the GitHub Security Advisory GHSA-jfrm-rx66-g536.
Workarounds
- Stop passing untrusted input to ui.restructured_text() and render only static, developer-controlled reST content until the upgrade is complete.
- Place the NiceGUI process inside a container or sandbox with a minimal read-only file system to limit the scope of any file disclosure.
- Deploy WAF rules that block request payloads containing reST directives referencing the :file: option.
# Upgrade NiceGUI to the patched version
pip install --upgrade 'nicegui>=3.12.0'
# Verify the installed version
python -c "import nicegui; print(nicegui.__version__)"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
